US10848513B2ActiveUtilityA1
Threat mitigation system and method
Est. expiryJun 6, 2038(~11.9 yrs left)· nominal 20-yr term from priority
G06F 21/577H04L 63/1425G06N 7/01G06F 18/214G06F 2221/034G06F 21/568G06F 21/566G06F 21/562G06F 21/561G06F 21/53G06F 21/554H04L 63/0227G06F 21/55G06F 8/65H04L 63/20G06F 30/20G06N 20/00G06F 21/56H04L 63/145H04L 63/1408H04L 63/1416H04L 63/1441H04L 63/0263G06F 2221/2115H04L 63/164H04L 63/1433G06K 9/6256G06F 18/20
85
PatentIndex Score
1
Cited by
346
References
24
Claims
Abstract
A computer-implemented method, computer program product and computing system for: allowing a third-party to select a training routine for a specific attack of a computing platform, thus defining a selected training routine; analyzing the requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine, thus defining one or more required entities; generating one or more virtual machines to emulate the one or more required entities; and generating a simulation of the specific attack by executing the selected training routine.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A computer-implemented method, executed on a computing device, comprising:
defining a selected training routine including receiving, from a third-party, a selection of a training routine for a specific attack of a computing platform;
analyzing requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine to define one or more required entities;
generating one or more virtual machines to emulate the one or more required entities, wherein each of the one or more virtual machines that are generated correspond to a respective required entity of the one or more required entities, wherein the respective entity includes at least one of an attacked device, a first attacking device, and a second attacking device;
generating a simulation of the specific attack by executing the selected training routine;
rendering a view of the simulation of the specific attack for a trainee; and
receiving a trainee response to the simulation of the specific attack from the trainee, including revising the training routine for the specific attack based, at least in part, upon the trainee response.
2. The computer-implemented method of claim 1 wherein defining a selected training routine includes:
receiving, from the third-party, a selection of a specific training routine from a plurality of available training routines.
3. The computer-implemented method of claim 1 wherein generating the simulation of the specific attack by executing the selected training routine includes:
rendering the simulation of the specific attack by executing the selected training routine within a controlled test environment.
4. The computer-implemented method of claim 3 wherein the controlled test environment is a virtual machine executed on the computing device.
5. The computer-implemented method of claim 1 further comprising:
determining an effectiveness of the trainee response.
6. The computer-implemented method of claim 5 wherein determining the effectiveness of the trainee response includes:
assigning a grade to the trainee response.
7. The computer-implemented method of claim 1 further comprising:
ceasing the simulation of the specific attack.
8. The computer-implemented method of claim 7 wherein ceasing the simulation of the specific attack includes:
shutting down the one or more virtual machines.
9. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising:
defining a selected training routine including receiving, from a third-party, a selection of a training routine for a specific attack of a computing platform;
analyzing requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine to define one or more required entities;
generating one or more virtual machines to emulate the one or more required entities, wherein each of the one or more virtual machines that are generated correspond to a respective required entity of the one or more required entities, wherein the respective entity includes at least one of an attacked device, a first attacking device, and a second attacking device;
generating a simulation of the specific attack by executing the selected training routine;
rendering a view of the simulation of the specific attack for a trainee; and
receiving a trainee response to the simulation of the specific attack from the trainee, including revising the training routine for the specific attack based, at least in part, upon the trainee response.
10. The computer program product of claim 9 wherein defining a selected training routine includes:
receiving, from the third-party, a selection of a specific training routine from a plurality of available training routines.
11. The computer program product of claim 9 wherein generating the simulation of the specific attack by executing the selected training routine includes:
rendering the simulation of the specific attack by executing the selected training routine within a controlled test environment.
12. The computer program product of claim 11 wherein the controlled test environment is a virtual machine executed on the computing device.
13. The computer program product of claim 9 further comprising:
determining an effectiveness of the trainee response.
14. The computer program product of claim 13 wherein determining the effectiveness of the trainee response includes:
assigning a grade to the trainee response.
15. The computer program product of claim 9 further comprising:
ceasing the simulation of the specific attack.
16. The computer program product of claim 15 wherein ceasing the simulation of the specific attack includes:
shutting down the one or more virtual machines.
17. A computing system comprising:
a hardware processor and a memory configured to perform operations comprising:
defining a selected training routine including receiving, from a third-party, a selection of a training routine for a specific attack of a computing platform;
analyzing requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine to define one or more required entities;
generating one or more virtual machines to emulate the one or more required entities, wherein each of the one or more virtual machines that are generated correspond to a respective required entity of the one or more required entities, wherein the respective entity includes at least one of an attacked device, a first attacking device, and a second attacking device;
generating a simulation of the specific attack by executing the selected training routine;
rendering a view of the simulation of the specific attack for a trainee; and
receiving a trainee response to the simulation of the specific attack from the trainee, including revising the training routine for the specific attack based, at least in part, upon the trainee response.
18. The computing system of claim 17 wherein defining a selected training routine includes:
receiving, from the third-party, a selection of a specific training routine from a plurality of available training routines.
19. The computing system of claim 17 wherein generating the simulation of the specific attack by executing the selected training routine includes:
rendering the simulation of the specific attack by executing the selected training routine within a controlled test environment.
20. The computing system of claim 19 wherein the controlled test environment is a virtual machine executed on the computing device.
21. The computing system of claim 17 further comprising:
determining an effectiveness of the trainee response.
22. The computing system of claim 21 wherein determining the effectiveness of the trainee response includes:
assigning a grade to the trainee response.
23. The computing system of claim 17 further comprising:
ceasing the simulation of the specific attack.
24. The computing system of claim 23 wherein ceasing the simulation of the specific attack includes:
shutting down the one or more virtual machines.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.